VIRY.CZ

Dobry Den

Prosim o pomoc s tymto problemom.
Antivirus mi vzdy hlasi nejaky conficker cerv aa.
Cesta je C:\Windows\system32\x.exe
a este C:\Windows\system32\x
C:\system32\vmven.dll

Dakujem

Zdravim

Stahnete Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/

Ulozte nejlepe na Plochu a rozbalte
Spustte kliknutim na mbanr
Nyni postupne kliknete na Next a Update
Po dokonceni update (aktualizace) databaze kliknete opet na Next
Nechte zaskrtnute vsechny tri moznosti a klinete na Scan cimz spustite prohledavani PC
Po dokonceni skenu (cca 5 minutek) zkontrolujte, zda-li je u vsech nalezu (samozrejme pokud budou) zatrzitko
Tez zkontrolujte, jetsli je zatrzitko u Create Restore point
Nyni kliknete na CleanUp cimz nalezenou infekci odstranime
PC bude restartovan
Slozka mbar by mela obsahovat log (a zrejme se i sam otevre) mbar-log-rok-mesic-den (hodina-minuta-sekunda).txt, ten mi sem dejte

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) http://forum.viry.cz/viewtopic.php?f=29&t=115222

Provedte aktualizaci
Provedte uplny sken - nic nemazte
MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

Pripajam log:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 2 x86

Account is Administrative

Internet Explorer version: 6.0.2900.2180

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED, J:\ DRIVE_FIXED
CPU speed: 1.830000 GHz
Memory total: 2146942976, free: 1569947648

Downloaded database version: v2013.08.20.06
Initializing...
------------ Kernel report ------------
08/20/2013 21:20:22
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
viamraid.sys
\WINDOWS\System32\DRIVERS\SCSIPORT.SYS
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
nv_agp.sys
Mup.sys
\SystemRoot\System32\DRIVERS\amdk7.sys
\SystemRoot\System32\DRIVERS\usbohci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\DRIVERS\usbehci.sys
\SystemRoot\System32\DRIVERS\NVENET.sys
\SystemRoot\system32\drivers\ALCXWDM.SYS
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\ati2mtag.sys
\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\system32\DRIVERS\eamon.sys
\SystemRoot\System32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\ehdrv.sys
\SystemRoot\System32\DRIVERS\hidusb.sys
\SystemRoot\System32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\DRIVERS\kbdhid.sys
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\epfwtdir.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\??\C:\Program Files\UltraISO\drivers\ISODrive.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\DRIVERS\secdrv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8a2cdab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Scsi\viamraid1Port2Path0Target2Lun0\
Lower Device Object: 0xffffffff8a320a38
Lower Device Driver Name: \Driver\viamraid\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a38aab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8a2fdd98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a38aab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a2cf718, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a38aab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a2f5f18, DeviceName: \Device\00000060\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a2fdd98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4CF04CF

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 78975477
Partition file system is NTFS
Partition is bootable

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 78975540 Numsec = 155461005

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-234421648-234441648)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8a2cdab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a2e33a8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a2cdab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a320a38, DeviceName: \Device\Scsi\viamraid1Port2Path0Target2Lun0\, DriverName: \Driver\viamraid\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4DCF3D30

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 490962402

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 490962465 Numsec = 974181600

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Done!
Infected: c:\WINDOWS\system32\x --> [Worm.Conficker]
Scan finished
Creating System Restore point...
Could not create restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

Removal queue found; removal started
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_0_63_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removal finished

Pripajam log zo scan Mbam, nic som nedaval odstranit:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.20.06

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
XXXXX-XXXXX :: XXXXX [administrator]

Protection: Enabled

20.8.2013 21:53:48
MBAM-log-2013-08-20 (22-31-52).txt

Scan type: Full scan (C:\|D:\|E:\|H:\|I:\|J:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 299669
Time elapsed: 37 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 13
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4T6RSDQJ\avrxnnr[1].bmp (Extension.Mismatch) -> No action taken.
C:\Qoobox\Quarantine\C\hfqst.pif.vir (Trojan.Malpack.Gen) -> No action taken.
C:\Qoobox\Quarantine\C\itvju.pif.vir (Trojan.Malpack.Gen) -> No action taken.
C:\Qoobox\Quarantine\C\jfit.exe.vir (Trojan.Malpack.Gen) -> No action taken.
C:\Qoobox\Quarantine\C\mwkp.exe.vir (Trojan.Malpack.Gen) -> No action taken.
C:\Qoobox\Quarantine\C\nbav.pif.vir (Trojan.Malpack.Gen) -> No action taken.
C:\Qoobox\Quarantine\C\rougyv.pif.vir (Trojan.Malpack.Gen) -> No action taken.
C:\Qoobox\Quarantine\C\xcjels.pif.vir (Trojan.Malpack.Gen) -> No action taken.
C:\Qoobox\Quarantine\C\yobysa.pif.vir (Trojan.Malpack.Gen) -> No action taken.
C:\Qoobox\Quarantine\C\yulv.exe.vir (Trojan.Malpack.Gen) -> No action taken.
I:\Install\Total_Commander_v6.01_by_SS-DD.zip (RiskWare.Tool.CK) -> No action taken.
I:\Install\Kerio_Personal_Firewall_4.0.11.PATCH_MP2K.zip (RiskWare.Tool.CK) -> No action taken.
I:\System Volume Information\_restore{F21FB7AA-EDB5-4552-945E-EFC62B4C736A}\RP21\A0012862.EXE (Trojan.FakeMS) -> No action taken.

(end)

Dakujem idem off pre dnes, velmi pekne dakujem. Zajtra pridem pozriet.

Vy jste tam poustel ComboFix?

Poprosim o log z FRST http://forum.viry.cz/viewtopic.php?f=13&t=130781

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-08-2013
Ran by XXXXX-XXXXX (administrator) on 21-08-2013 16:02:14
Running from L:\
Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 6
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5078504 2013-03-21] (ESET)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k [x]

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... R}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.yhs.delta-search.com/?q={sea ... l&tsp=4934
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Tcpip\Parameters: [DhcpNameServer] 85.237.225.250 213.151.200.3

========================== Services (Whitelisted) =================

S2 Ati HotKey Poller; C:\Windows\system32\Ati2evxx.exe [254037 2003-04-28] ()
S4 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [114775 2003-04-28] ()
S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1341664 2013-03-21] (ESET)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 VRAID Log Service; C:\Program Files\VIA\RAID\vialogsv.exe [52888 2008-09-24] ()
S2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

S3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [4108992 2007-08-07] (Realtek Semiconductor Corp.)
S1 eamon; C:\Windows\System32\DRIVERS\eamon.sys [161368 2013-01-10] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [122240 2013-01-10] (ESET)
S1 epfwtdir; C:\Windows\System32\DRIVERS\epfwtdir.sys [105784 2013-01-10] (ESET)
S1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [73728 2008-05-24] (EZB Systems, Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [35144 2013-08-20] ()
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 nvax; C:\Windows\System32\drivers\nvax.sys [13056 2002-12-05] (NVIDIA Corporation)
S3 NVENET; C:\Windows\System32\DRIVERS\NVENET.sys [80896 2002-09-23] (NVIDIA Corporation)
S3 nvnforce; C:\Windows\System32\drivers\nvapu.sys [241664 2002-12-05] (NVIDIA Corporation)
R0 nv_agp; C:\Windows\System32\DRIVERS\nv_agp.sys [13568 2002-09-06] (NVIDIA Corporation)
S2 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [27440 2004-07-17] ()
R0 viamraid; C:\Windows\System32\DRIVERS\viamraid.sys [117248 2008-07-09] (VIA Technologies inc,.ltd)
S3 catchme; \??\C:\DOCUME~1\XXXXX-~1\LOCALS~1\Temp\catchme.sys [x]
S3 GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS [x]
S4 IntelIde; No ImagePath
S3 NTACCESS; \??\F:\NTACCESS.sys [x]
S3 SetupNTGLM7X; \??\F:\NTGLM7X.sys [x]
S3 xcqadj; \??\C:\WINDOWS\system32\01.tmp [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: hkskqyew -> No Registry Path.

==================== One Month Created Files and Folders ========

2013-08-21 15:28 - 2013-08-21 15:28 - 01070183 _____ (Farbar) C:\FRST.exe
2013-08-21 14:41 - 2013-08-21 14:41 - 00090112 _____ C:\WINDOWS\Minidump\Mini082113-01.dmp
2013-08-20 21:52 - 2013-02-08 00:49 - 07622112 _____ (Malwarebytes Corporation ) C:\Documents and Settings\XXXXX-XXXXX\Desktop\mbam-setup.exe
2013-08-20 21:33 - 2013-08-20 21:33 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-20 21:33 - 2013-08-20 21:33 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-20 21:33 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-08-20 21:32 - 2013-08-20 21:32 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\XXXXX-XXXXX\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-20 21:19 - 2013-08-20 21:27 - 00000000 ____D C:\Documents and Settings\XXXXX-XXXXX\Desktop\mbar
2013-08-20 21:19 - 2013-08-20 21:19 - 00035144 _____ C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-08-20 21:18 - 2013-08-20 21:19 - 12081912 _____ (Malwarebytes Corp.) C:\Documents and Settings\XXXXX-XXXXX\Desktop\mbar-1.06.1.1005.exe
2013-08-19 20:03 - 2013-08-21 15:59 - 00013724 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-19 19:57 - 2013-08-19 19:57 - 00007381 _____ C:\ComboFix.txt
2013-08-19 19:07 - 2013-08-19 19:07 - 00000000 ____D C:\Documents and Settings\XXXXX-XXXXX\Application Data\Malwarebytes
2013-08-19 19:07 - 2013-08-19 19:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-08-03 21:07 - 2004-08-04 00:56 - 00010752 ____N (Microsoft Corporation) C:\WINDOWS\system32\smtpapi.dll
2013-08-03 21:07 - 2004-08-04 00:56 - 00009728 ____N (Microsoft Corporation) C:\WINDOWS\system32\rwnh.dll
2013-08-02 20:39 - 2004-08-03 23:01 - 00025856 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbprint.sys
2013-08-02 20:39 - 2004-08-03 23:01 - 00025856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys
2013-07-23 08:42 - 2013-07-23 08:42 - 00000000 ____D C:\Documents and Settings\XXXXX-XXXXX\Application Data\ML
2013-07-23 08:38 - 2013-07-23 08:38 - 00000000 ____D C:\WINDOWS\MetaUSBDriver
2013-07-23 08:38 - 2013-07-23 08:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\iRiver
2013-07-23 08:36 - 2013-07-23 08:38 - 00000000 ____D C:\Documents and Settings\XXXXX-XXXXX\My Documents\Iriver Plus4
2013-07-23 08:36 - 2013-07-23 08:36 - 00003565 _____ C:\aqua_bitmap.cpp
2013-07-23 08:35 - 2013-07-23 08:35 - 01286152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml4.dll
2013-07-23 08:35 - 2013-07-23 08:35 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml4r.dll

==================== One Month Modified Files and Folders =======

2013-08-21 15:59 - 2013-08-19 20:03 - 00013724 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-21 15:59 - 2013-02-08 19:19 - 00000430 _____ C:\WINDOWS\wincmd.ini
2013-08-21 15:59 - 2013-02-07 14:53 - 00000178 ___SH C:\Documents and Settings\XXXXX-XXXXX\ntuser.ini
2013-08-21 15:40 - 2013-02-12 18:09 - 00154875 _____ C:\PollSt.txt
2013-08-21 15:40 - 2013-02-07 15:10 - 00000000 __SHD C:\WINDOWS\CSC
2013-08-21 15:40 - 2013-02-07 14:50 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-21 15:28 - 2013-08-21 15:28 - 01070183 _____ (Farbar) C:\FRST.exe
2013-08-21 14:41 - 2013-08-21 14:41 - 00090112 _____ C:\WINDOWS\Minidump\Mini082113-01.dmp
2013-08-20 22:36 - 2013-02-07 14:53 - 00032610 _____ C:\WINDOWS\SchedLgU.Txt
2013-08-20 21:33 - 2013-08-20 21:33 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-20 21:33 - 2013-08-20 21:33 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-20 21:32 - 2013-08-20 21:32 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\XXXXX-XXXXX\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-20 21:27 - 2013-08-20 21:19 - 00000000 ____D C:\Documents and Settings\XXXXX-XXXXX\Desktop\mbar
2013-08-20 21:27 - 2013-02-07 14:48 - 00000000 ____D C:\WINDOWS\srchasst
2013-08-20 21:19 - 2013-08-20 21:19 - 00035144 _____ C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-08-20 21:19 - 2013-08-20 21:18 - 12081912 _____ (Malwarebytes Corp.) C:\Documents and Settings\XXXXX-XXXXX\Desktop\mbar-1.06.1.1005.exe
2013-08-19 19:58 - 2013-02-09 01:12 - 00000000 ____D C:\Documents and Settings\XXXXX-XXXXX\Application Data\uTorrent
2013-08-19 19:58 - 2013-02-09 00:57 - 00000000 ____D C:\Documents and Settings\XXXXX-XXXXX\Application Data\Winamp
2013-08-19 19:58 - 2013-02-08 20:29 - 00000000 ____D C:\WINDOWS\Minidump
2013-08-19 19:58 - 2013-02-08 19:28 - 00000000 ___SD C:\Documents and Settings\XXXXX-XXXXX\UserData
2013-08-19 19:58 - 2013-02-07 14:53 - 00000000 ____D C:\Documents and Settings\XXXXX-XXXXX
2013-08-19 19:58 - 2013-02-07 14:48 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-08-19 19:57 - 2013-08-19 19:57 - 00007381 _____ C:\ComboFix.txt
2013-08-19 19:57 - 2013-02-10 01:16 - 00000000 ____D C:\Qoobox
2013-08-19 19:56 - 2001-08-23 14:00 - 00000262 _____ C:\WINDOWS\system.ini
2013-08-19 19:47 - 2013-02-10 01:15 - 05105821 ____R (Swearware) C:\Documents and Settings\XXXXX-XXXXX\Desktop\ComboFix.exe
2013-08-19 19:07 - 2013-08-19 19:07 - 00000000 ____D C:\Documents and Settings\XXXXX-XXXXX\Application Data\Malwarebytes
2013-08-19 19:07 - 2013-08-19 19:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-08-16 21:51 - 2013-07-07 20:12 - 00000000 ____D C:\Documents and Settings\XXXXX-XXXXX\Local Settings\Application Data\NFS Underground 2
2013-08-14 16:49 - 2013-06-01 23:16 - 00000000 ____D C:\Program Files\PokerStars
2013-08-13 17:19 - 2013-02-07 14:53 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-08-13 16:09 - 2013-02-10 15:26 - 00000000 ____D C:\Program Files\ESET
2013-08-12 17:55 - 2013-03-26 16:32 - 00692104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-08-12 17:55 - 2013-03-26 16:32 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-08-12 17:55 - 2013-02-08 19:23 - 00000000 ____D C:\Documents and Settings\XXXXX-XXXXX\Local Settings\Application Data\Adobe
2013-08-03 21:09 - 2013-02-07 16:07 - 00000249 _____ C:\WINDOWS\system32\spupdwxp.log
2013-08-03 21:09 - 2013-02-07 16:03 - 00316640 _____ C:\WINDOWS\WMSysPr9.prx
2013-08-03 21:09 - 2013-02-07 14:53 - 00000792 _____ C:\Documents and Settings\XXXXX-XXXXX\Start Menu\Programs\Windows Media Player.lnk
2013-08-03 21:09 - 2001-08-23 14:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-08-03 21:08 - 2013-02-11 15:34 - 00000000 ____D C:\WINDOWS\security
2013-08-03 21:07 - 2013-02-11 15:38 - 00000327 __RSH C:\boot.ini
2013-08-03 21:07 - 2013-02-11 15:34 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2013-07-28 22:32 - 2013-07-16 21:32 - 00000000 ____D C:\Documents and Settings\XXXXX-XXXXX\My Documents\Syberia Saves
2013-07-25 22:14 - 2013-02-07 14:56 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-07-23 08:42 - 2013-07-23 08:42 - 00000000 ____D C:\Documents and Settings\XXXXX-XXXXX\Application Data\ML
2013-07-23 08:38 - 2013-07-23 08:38 - 00000000 ____D C:\WINDOWS\MetaUSBDriver
2013-07-23 08:38 - 2013-07-23 08:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\iRiver
2013-07-23 08:38 - 2013-07-23 08:36 - 00000000 ____D C:\Documents and Settings\XXXXX-XXXXX\My Documents\Iriver Plus4
2013-07-23 08:36 - 2013-07-23 08:36 - 00003565 _____ C:\aqua_bitmap.cpp
2013-07-23 08:35 - 2013-07-23 08:35 - 01286152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml4.dll
2013-07-23 08:35 - 2013-07-23 08:35 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml4r.dll
2013-07-23 08:35 - 2013-02-08 19:54 - 00000000 ____D C:\Documents and Settings\XXXXX-XXXXX\Local Settings\Application Data\Downloaded Installations

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2013-02-07 15:58] - [2004-08-04 01:56] - 1032192 ____A (Microsoft Corporation) a0732187050030ae399b241436565e64

C:\Windows\System32\winlogon.exe
[2013-02-07 15:58] - [2004-08-04 01:56] - 0502272 ____A (Microsoft Corporation) 01c3346c241652f43aed8e2149881bfe

C:\Windows\System32\svchost.exe
[2013-02-07 15:58] - [2004-08-04 01:56] - 0014336 ____A (Microsoft Corporation) 8f078ae4ed187aaabc0a305146de6716

C:\Windows\System32\services.exe
[2013-02-07 15:58] - [2004-08-04 01:56] - 0108032 ____A (Microsoft Corporation) c6ce6eec82f187615d1002bb3bb50ed4

C:\Windows\System32\User32.dll
[2013-02-07 15:58] - [2004-08-04 01:56] - 0577024 ____A (Microsoft Corporation) c72661f8552ace7c5c85e16a3cf505c4

C:\Windows\System32\userinit.exe
[2013-02-07 15:58] - [2004-08-04 01:56] - 0024576 ____A (Microsoft Corporation) 39b1ffb03c2296323832acbae50d2aff

C:\Windows\System32\Drivers\volsnap.sys
[2013-02-07 15:58] - [2004-08-04 00:00] - 0052352 ____A (Microsoft Corporation) ee4660083deba849ff6c485d944b379b

==================== End Of Log ============================

vyosek píše: Vy jste tam poustel ComboFix?

Jedna se do domaci PC nebo nejake pracovni\firemni?

Windows jsou legalne zakoupene?

VIRY.CZ

Conficker aa cerv

Conficker aa cerv

Re: Conficker aa cerv

Re: Conficker aa cerv

Re: Conficker aa cerv

Re: Conficker aa cerv

Re: Conficker aa cerv

Re: Conficker aa cerv